An obligation of allowing local authorities to access information exchanged between terminals of networks owned by telecommunication service providers exists in many countries. Implementing a lawful interception system or a communications interception system may be a requirement for being able to work as a telecommunications service provider in said countries. This obligation of allowing the interception of communications is also applied to the communications by means of the IP protocol.
For example, in the United States of America, the “Communications Assistance for Law Enforcement Act”, from now on CALEA, requires the telecommunications networks and the telecommunications service providers to have means which enable the legal interception of communications.
In December 1997, the “Telecom Industry Association” (TIA) developed the J-STD-025 standard which helps the telecommunications service providers to carry out the obligations established by CALEA.
Section 229, part a), of CALEA states that the Federal Communication Commission may establish the necessary rules for the telecommunications service providers to implement the obligations stated by CALEA.
In August 1999 the Federal Communication Commission (FCC) published a rule which required the telecommunications service providers to allow the interception of communications which use commuted packets technology, like, for example, the IP protocol used in the Internet. The FCC established September 2001 as the limit date for the telecommunications service providers to implement the systems to allow the interception of communications in the commuted packet networks.
In 1994, the FCC published a “Notice of Proposed Rulemaking” which establishes that the Voice over Internet Protocol (VoIP) services is subject to the obligations of CALEA.
However, some features of the IP protocol increase the difficulty to implement the legal communications interception systems within commuted packet networks. While in the systems based in commuted circuits, the data of the communications follows a determined path until their destination. In the systems based on commuted packets, like for example IP, each data packet may follow a different path until its final destination.
Another difficulty to intercept communications based on VoIP is the encryption of the data transmitted in the data packets. In recent years the computer security has increased in the Internet protocols published in the Internet Engineering Task Force (IETF).
One of the most used protocols in VoIP communications is the Session Initiation Protocol or SIP. In recent years, the SIP protocol has turned into the most used protocol in applications and devices of VoIP.
The SIP protocol is described in the specifications of RFC3261, J. Rosenberg et. al., June 2002, published online by the Internet Engineering Task Force (IETF) and available at www.ietf.org/rfc/rfc3261.txt.
The SIP protocol is a protocol which administers the session establishment but does not send the communication data. For example, in a VoIP session, the SIP protocol is used for establishing a session between various pieces of equipment, which is commonly known as “signalling”, and a different protocol, such as the Real Time Protocol (RTP), is used for transmitting the coded voice between said equipment.
The RTP protocol is described in the specification RFC 3550, H Schulzrine et. Al., July 2003, published online by the IETF and available at www.ietf.org/rfc/rfc3550.txt
The SIP protocol found in RFC3261 considers different security protocols for a secure exchange of SIP messages.
A first basic security protocol which may use SIP is the protocol known as “HTTP digest” which enables an authentication of messages and a replay protection.
The HTTP digest protocol is described in RFC2617, J. Franks et. al., June 1999, published online by the IETF and available at www.ietf.org/rfc/rfc2617.txt.
A second security protocol fro SIP is the “S/MIME”. Its use in SIP is described en section 23 of said RFC3261 specifications.
The S/MIME protocol is described in RFC2633, B. Ramsdell, June 1993, published online by the IETF and available at www.ietf.org/rfc/rfc2633.txt.
A third security protocol for SIP is the “Transport Layer Security” (TLS) protocol. Its use in SIP is described in section 19.1 “SIP and SIPS Uniform Resource Indicators” of RFC3261. Said section states that a URI (Uniform Resource Identifier) of a SIPS type establishes that the resource referred by the URI has to be contacted in a secure way. Therefore, the TLS protocol has to be used between the User Agent Client (UAC) and the domain which the URI belongs to. When inside the URI's domain, a secure means of communication is used depending on the security policy of said domain.
The TLS protocol, standardised by the IETF from the SSL protocol (Secure Sockets Layer) developed by Netscape, uses digital certificates for servers authentication and its use is widespread in the Internet.
Another security protocol whose use is considered in RFC 3261 is the IPsec protocol. Section 26.2.1 “Transport and Network Layer Security” of said RFC shows that the IPsec is usually used in architectures where a plurality of equipment or domains have a trust-based relationship between them, which is not always possible.
IPsec is a plurality of security protocols developed by IETF. The basic architecture of IPsec is described in RFC4301, Security Architectures for the Internet Protocol, S. Kent et. al., December 2005, published online by the IETF and available at www.ietf.org/rfc/rfc4301.txt.
The use of said security protocols in SIP with the different paths which an IP packet may use, make difficult the interception of the communications used by the SIP protocol.
Another factor which makes difficult the legal interception of the communications which use the IP protocol is the continuous evolution of the protocols used by the IP packets, the majority of whom are designed by the IETF.
In the year 2000 there was a debate in the IETF about the convenience of taking into account or not the legal interception of communications when designing communications protocols. The result of said debate was that the IETF decided not to take into account the legal interception of communications. The reasons of said decision are explained in the RFC 2804 specifications “IETF Policy on Wiretapping”, Harald Alvestrand, et al., May 2000, published by the IETF and available at www.ietf.org/rfc/rfc2804.txt.
Since the majority of the communication protocols through the Internet are designed by the IETF, this decision implies that almost all the protocols used in Internet are designed without taking into account the legal interception of communications.
A basic requirement of the systems for legal interception of communications is that the interception may not be detected by the people involved in said communications since if they do, they will not exchange important information or may exchange false information for cheating the authorities who are intercepting the communications.
The present invention describes an improved method and system for allowing legal interception of the communications which use the SIP protocol.